    mm/memory_hotplug: add missing mem_hotplug_lock · 001002e7
    Sumanth Korikkar authored
    From Documentation/core-api/memory-hotplug.rst:
    When adding/removing/onlining/offlining memory or adding/removing
    heterogeneous/device memory, we should always hold the mem_hotplug_lock
    in write mode to serialise memory hotplug (e.g. access to global/zone
    variables).
    
    mhp_(de)init_memmap_on_memory() functions can change zone stats and
    struct page content, but they are currently called w/o the
    mem_hotplug_lock.
    
    When memory block is being offlined and when kmemleak goes through each
    populated zone, the following theoretical race conditions could occur:

    CPU 0:                                       | CPU 1:
    memory_offline()                             |
    -> offline_pages()                           |
            -> mem_hotplug_begin()               |
               ...                               |
            -> mem_hotplug_done()                |
                                                 | kmemleak_scan()
                                                 | -> get_online_mems()
                                                 |    ...
    -> mhp_deinit_memmap_on_memory()             |
      [not protected by mem_hotplug_begin/done()]|
      Marks memory section as offline,           |   Retrieves zone_start_pfn
      poisons vmemmap struct pages and updates   |   and struct page members.
      the zone related data                      |
                                                 |    ...
                                                 | -> put_online_mems()
    
    Fix this by ensuring mem_hotplug_lock is taken before performing
    mhp_init_memmap_on_memory().  Also ensure that
    mhp_deinit_memmap_on_memory() holds the lock.
    
    online/offline_pages() are currently only called from
    memory_block_online/offline(), so it is safe to move the locking there.
    
    Link: https://lkml.kernel.org/r/20231120145354.308999-2-sumanthk@linux.ibm.com
    Fixes: a08a2ae3 ("mm,memory_hotplug: allocate memmap from the added memory range")
    Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>
    Reviewed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
    Acked-by: David Hildenbrand <david@redhat.com>
    Cc: Alexander Gordeev <agordeev@linux.ibm.com>
    Cc: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
    Cc: Anshuman Khandual <anshuman.khandual@arm.com>
    Cc: Heiko Carstens <hca@linux.ibm.com>
    Cc: Michal Hocko <mhocko@suse.com>
    Cc: Oscar Salvador <osalvador@suse.de>
    Cc: Vasily Gorbik <gor@linux.ibm.com>
    Cc: kernel test robot <lkp@intel.com>
    Cc: <stable@vger.kernel.org>	[5.15+]
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
memory.c 31.7 KB
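
The lock-scope change described in the commit message, as an added example: a deterministic user-space model, not code from the commit or from the kernel. Function names follow the commit message; struct model, reader_scan(), the lock_in_caller switch and the split of the deinit step into "poison" and "zone update" are assumptions made for illustration.

```c
/* User-space model (added example): names follow the commit message,
 * bodies are simplified stand-ins, not kernel code. */
#include <stdbool.h>

struct model {
    bool writer_held;     /* mem_hotplug_lock held in write mode */
    bool pages_poisoned;  /* vmemmap struct pages poisoned */
    bool zone_updated;    /* zone data adjusted to match */
    int  torn_reads;      /* scans that saw poisoned pages in a live zone */
};

/* CPU 1: kmemleak_scan() between get_online_mems()/put_online_mems(). */
static void reader_scan(struct model *m)
{
    if (m->writer_held)   /* get_online_mems() would block here */
        return;
    if (m->pages_poisoned && !m->zone_updated)
        m->torn_reads++;  /* zone still spans poisoned struct pages */
}

static void mem_hotplug_begin(struct model *m) { m->writer_held = true; }
static void mem_hotplug_done(struct model *m)  { m->writer_held = false; }

/* Each reader_scan() call marks a point where CPU 1 may try to run. */
static void offline_pages(struct model *m)
{
    reader_scan(m);
}

static void mhp_deinit_memmap_on_memory(struct model *m)
{
    m->pages_poisoned = true;
    reader_scan(m);       /* scan attempt in the middle of the update */
    m->zone_updated = true;
}

/* lock_in_caller=false: lock covers offline_pages() only (before the fix).
 * lock_in_caller=true: memory_block_offline() holds it across both steps. */
static int memory_block_offline(bool lock_in_caller)
{
    struct model m = {0};
    mem_hotplug_begin(&m);
    offline_pages(&m);
    if (!lock_in_caller)
        mem_hotplug_done(&m);   /* lock dropped before deinit */
    mhp_deinit_memmap_on_memory(&m);
    if (lock_in_caller)
        mem_hotplug_done(&m);
    return m.torn_reads;
}
```

memory_block_offline(false) returns 1 torn read and memory_block_offline(true) returns 0: with the lock held by the caller, the reader is excluded for the whole offline-plus-deinit sequence.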